Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update ci k8s #590

Merged
merged 23 commits into from
Nov 18, 2022
Merged

Update ci k8s #590

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
dd697ed
Update .Dockerfile-actions
mosoriob Nov 17, 2022
8434284
fix: ci
mosoriob Nov 17, 2022
2283320
add: scanning
mosoriob Nov 17, 2022
72ca968
fix: testo
mosoriob Nov 17, 2022
b41d38c
fix: branch
mosoriob Nov 17, 2022
48b3797
fix: test update
mosoriob Nov 17, 2022
c1b2b00
fix: mint instances secret
mosoriob Nov 17, 2022
74177dd
fix: commit is not a valid option
mosoriob Nov 17, 2022
f3c8545
fix: add workdir
mosoriob Nov 17, 2022
6900bf4
fix: add helm
mosoriob Nov 17, 2022
8775c1d
fix: update
mosoriob Nov 17, 2022
1125551
fix: remove some steps to debug faster
mosoriob Nov 17, 2022
974f159
fix: typo
mosoriob Nov 17, 2022
7df28a3
fix: mint core default branch main
mosoriob Nov 17, 2022
92b0dcd
fix: typo
mosoriob Nov 17, 2022
cd87785
fix: typo
mosoriob Nov 17, 2022
5a5ff05
fix: change branch
mosoriob Nov 17, 2022
763409a
fix: test
mosoriob Nov 17, 2022
81c820c
fix: wrong property
mosoriob Nov 17, 2022
4dd2284
fix: test
mosoriob Nov 17, 2022
f4d7100
fix: full process
mosoriob Nov 17, 2022
80db1b0
fix: removing test
mosoriob Nov 17, 2022
d1524fc
fix: update isi, isi-dev and prod
mosoriob Nov 18, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .Dockerfile-actions
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM nginx:1.13.0-alpine
FROM nginx:1.23.2-alpine
WORKDIR /usr/share/nginx/html
COPY ./build/ ./
RUN sed -i "s/es6\///g" index.html
Expand Down
99 changes: 88 additions & 11 deletions .github/workflows/docker-publish.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ jobs:
- name: Use Node.js
uses: actions/setup-node@v1
with:
node-version: "12.x"
node-version: "16.x"
- name: Cache Node.js modules
uses: actions/cache@v2
with:
Expand All @@ -38,8 +38,6 @@ jobs:
run: npm install
- name: Build (webpack)
run: npm run create-build
- name: Test
run: npm test
- uses: actions/upload-artifact@v2
with:
name: nextjs-build
Expand Down Expand Up @@ -106,21 +104,100 @@ jobs:
id: exposeValue
run: |
echo "::set-output name=docker_tag::${{ env.DOCKER_TAG }}"
- name: Checkout Target Repository

uses: actions/checkout@v2
- name: Checkout MINT Instances Repository
uses: actions/checkout@v3
with:
repository: mintproject/mint-instances
path: infrastructure
token: ${{ secrets.GITHUB_TOKEN }}
token: ${{ secrets.MINT_INSTANCES }}
ref: master

- name: Update Image Version in the related HelmChart values.yaml
- name: Checkout MINT Chart Repository
uses: actions/checkout@v3
if: github.ref == 'refs/heads/master'
with:
repository: mintproject/mint
path: mint-chart
token: ${{ secrets.MINT_INSTANCES }}
ref: main


- name: Update MINT ISI master
uses: fjogeleit/yaml-update-action@main
if: github.ref == 'refs/heads/master'
with:
valueFile: isi/values.yaml
propertyPath: "MINT.components.ui.image.tag"
value: ${{ env.DOCKER_TAG }}
message: "Update Image Version to ${{ env.DOCKER_TAG }}"
repository: mintproject/mint-instances
workDir: infrastructure
branch: master
token: ${{ secrets.MINT_INSTANCES }}

- name: Update MINT ISI WIFIRE
uses: fjogeleit/yaml-update-action@main
if: github.ref == 'refs/heads/master'
with:
valueFile: wifire/values.yaml
propertyPath: "MINT.components.ui.image.tag"
value: ${{ env.DOCKER_TAG }}
message: "Update Image Version to ${{ env.DOCKER_TAG }}"
repository: mintproject/mint-instances
workDir: infrastructure
branch: master
token: ${{ secrets.MINT_INSTANCES }}

- name: Update MINT ISI dev
uses: fjogeleit/yaml-update-action@main
if: github.ref == 'refs/heads/dev'
with:
valueFile: 'isi-dev/values.yaml'
propertyPath: 'components.ui.image.tag'
valueFile: isi-dev/values.yaml
propertyPath: "MINT.components.ui.image.tag"
value: ${{ env.DOCKER_TAG }}
message: "Update Image Version to ${{ env.DOCKER_TAG }}"
repository: mintproject/mint-instances
branch: master
workDir: infrastructure
message: 'Update Image UI Version to ${{ steps.image.outputs.version }}'
branch: master
token: ${{ secrets.MINT_INSTANCES }}


- name: Update helm charts
uses: fjogeleit/yaml-update-action@main
if: github.ref == 'refs/heads/master'
with:
valueFile: helm/values.yaml
propertyPath: "components.ui.image.tag"
value: ${{ env.DOCKER_TAG }}
message: "Update Image Version to ${{ env.DOCKER_TAG }}"
repository: mintproject/mint
workDir: mint-chart/
branch: main
token: ${{ secrets.MINT_INSTANCES }}

security:
permissions:
contents: read
security-events: write
packages: write
name: "Scan vulnerabilities in the image"
needs: [push]
runs-on: ubuntu-latest
steps:
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.DOCKER_IMAGE_REPOSITORY }}/${{ env.DOCKER_IMAGE_NAME }}:${{ needs.build.outputs.docker_tag }}
format: "template"
template: "@/contrib/sarif.tpl"
output: "trivy-results.sarif"
severity: ${{ env.VULNERABILITY_SCAN_LEVEL }}
exit-code: "0"
ignore-unfixed: "true"

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v1
if: always()
with:
sarif_file: "trivy-results.sarif"